package com.xiang.config;

import com.xiang.service.UserService;
import java.util.ArrayList;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.config.annotation.configurers.ClientDetailsServiceConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configuration.AuthorizationServerConfigurerAdapter;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableAuthorizationServer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerEndpointsConfigurer;
import org.springframework.security.oauth2.config.annotation.web.configurers.AuthorizationServerSecurityConfigurer;
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
import org.springframework.security.oauth2.provider.token.TokenEnhancerChain;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.JwtAccessTokenConverter;

/**
 * 授权服务器
 */
@Configuration
@EnableAuthorizationServer
public class AuthorizationServerConfig extends AuthorizationServerConfigurerAdapter {

  @Autowired
  private PasswordEncoder passwordEncoder;

  @Autowired
  private AuthenticationManager authenticationManager;

  @Autowired
  private UserService userService;

//    @Autowired
//    @Qualifier("redisTokenStore")
//    private TokenStore tokenStore;

  @Autowired
  @Qualifier("jwtTokenStore")
  private TokenStore tokenStore;

  @Autowired
  private JwtAccessTokenConverter jwtAccessTokenConverter;

  @Autowired
  private JwtTokenEnhancer jwtTokenEnhancer;



  @Override
  public void configure(AuthorizationServerSecurityConfigurer security) throws Exception {
    // 获取密钥需要身份认证，使用单点登录时必须配置
    security.tokenKeyAccess("isAuthenticated()");
  }

  @Override
  public void configure(ClientDetailsServiceConfigurer clients) throws Exception {
    clients.inMemory()
        .withClient("admin")
        .secret(passwordEncoder.encode("112233"))
        //配置访问token的有效期
        .accessTokenValiditySeconds(3600)
        //配置刷新token的有效期
        .refreshTokenValiditySeconds(864000)
//                .redirectUris("http://www.baidu.com")
        //单点登录时配置  配置redirect-url,用于授权成功后跳转
        .redirectUris("http://localhost:8081/user/getCurrentUser")
        .scopes("all")
        //自动授权配置
        .autoApprove(true)
        .authorizedGrantTypes("password", "refresh_token", "authorization_code")
    ;
  }

  /**
   * 使用密码模式所需配置
   * @param endpoints
   * @throws Exception
   */
  @Override
  public void configure(AuthorizationServerEndpointsConfigurer endpoints) throws Exception {
    // 配置jwt内容增强器
    TokenEnhancerChain enhancerChain = new TokenEnhancerChain();
    List<TokenEnhancer> delegates = new ArrayList<>();
    delegates.add(jwtTokenEnhancer);
    delegates.add(jwtAccessTokenConverter);
    enhancerChain.setTokenEnhancers(delegates);

    endpoints.authenticationManager(authenticationManager)
        .userDetailsService(userService)
        // 配置存储令牌策略
        .tokenStore(tokenStore)
        .accessTokenConverter(jwtAccessTokenConverter)
        .tokenEnhancer(enhancerChain)
    ;

//    endpoints.authenticationManager(authenticationManager)
//            .userDetailsService(userService)
//            .tokenStore(tokenStore);

  }
}
